Executive Summary

CVE-2026-6022 is an uncontrolled resource consumption vulnerability in Progress® Telerik® UI for AJAX versions prior to 2026.1.421. Specifically, the RadAsyncUpload component does not properly enforce the configured maximum file upload size cumulatively during chunk reassembly. This means that attackers can upload files that exceed the intended size limits by sending multiple chunks, which are then combined without proper size checks.

As a result, this flaw can lead to excessive disk space usage on the server.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing attackers to consume excessive disk space on your server through oversized file uploads. Because the maximum upload size is not properly enforced cumulatively, attackers can bypass size restrictions and cause disk space exhaustion.

Such resource exhaustion can lead to denial of service conditions, potentially disrupting normal operations and affecting availability.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Progress® Telerik® UI for AJAX prior to 2026.1.421 allows uncontrolled resource consumption through file uploads exceeding the configured maximum size, leading to disk space exhaustion.

While the CVE description and available resources do not explicitly mention compliance with standards such as GDPR or HIPAA, uncontrolled resource consumption vulnerabilities can indirectly impact compliance by causing denial of service or system unavailability, which may affect the integrity and availability requirements of these regulations.

However, there is no direct information provided about how this vulnerability specifically affects compliance with GDPR, HIPAA, or other common standards.

Useful 0 Not Useful 0